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Detailed Description Text - DETX (4) : 

Installed at the manager console 12 is shell software having a 
suitable 

management platform 15, for example, an application process interface 
(or 

" API " ) for the operation of the management application 16. For 
example, 

Microsoft Windows would be a suitable platform 15 from which the 
management 

application 16 may be launched. In one embodiment of the invention, 
the 

management application 16 may coexist with Netware Management System 
(or "NMS") 

software manufactured by Novell, Inc., Openview network manager 
software 

manufactured by Hewlett Packard or another third party network 
management 

systems. For example, it is specifically contemplated that the 
management 

application 16 may be launched from Novell's NetWare Management Map 
focussed on 

a selected server. Alternately, the management application 16 may 
operate 

independent from the NetWare Management System products if the file 
server 10 

is running NetWare v. 3. 11 or higher. 



Detailed Description Text - DETX (89) : 

Having selected the secondary logical drive or accepted the default 
primary 

logical drive for viewing, at step 248, the network administrator may 
then view 

the logical drive. Information displayed in the information block 562 
of the 

internal IDA logical drive GUI 556 for the selected logical drive are 
status, 

fault tolerance, auto-reliability, rebuild blocks, accelerator board 
and 

capacity. Status is a monitored item which indicates the status of the 
logical 

drive and may be in one of the following states: OK, failed, 
unconf igured , 



recovering, ready rebuild, rebuilding, wrong drive, bad connect, 
overheating 

and shutdown. Of these, OK indicates that the logical drive is in 
normal 

operation mode, failed indicates that more physical drives have failed 
than the 

fault tolerance mode of the logical drive can handle without data loss, 
unconfigured indicates that the logical drive is not configured, 
recovering 

indicates that the logical drive is in an interim recovery mode where 
at least 

one physical drive has failed but the logical drive's fault tolerance 
mode lets 

the drive continue to operate with no data loss, ready rebuild 
indicates that 

the logical drive is ready for automatic data recovery and that the 
physical 

drive that failed has been replaced but the logical drive is still 
operating in 

interim recovery mode, rebuilding indicates that the logical drive is 
doing 

automatic data recovery during which fault tolerance algorithms restore 
data to 

the replacement drive, wrong drive indicates that the wrong physical 
drive was 

replaced after a physical drive failure, bad connect indicates that a 
physical 

drive is not responding, overheating indicates that the drive array 
enclosure 

that contains the logical drive is overheating, and shutdown indicates 
that the 

drive array enclosure that contains the logical drive has overheated 
and that 

the logical drive is no longer functioning. 
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Brief Summary Text - BSTX (12) : 

Furthermore, as computer systems become more integrated into 
users 'lives, it 

would be beneficial to provide a computer system which is tolerant of 
software 

and power failures. That is, a computer system which automatically 
recovers 

itself after a software application crashes or a power failure occurs. 



Detailed Description Text - DETX (28) : 

User applications 185 include any of a wide variety of conventional 
software 

applications which are executable on a computer system. User 
applications 185 

call InstantON servicing agent 140 directly using application 



interface (API) procedure calls, as discussed in more detail below. A 
user 

application 185 can call InstantON servicing agent 140, for example, in 
order 

to store checkpoint data or to indicate the system should be placed in 
Standby 

mode, as discussed in more detail below. 



Detailed Description Text - DETX (128) : 

Additionally, the software timers utilized by the present invention 
are not 

operational when the system is in Standby mode. When the system 
resumes 

operation from Standby mode, InstantON servicing agent 14 0 updates the 
software 

timers to reflect the amount of time which the system spent in Standby 
mode . 

Thus, bringing the system out of Standby mode prior to the time the 
scheduled 

action is to occur provides InstantON servicing agent 140 with 
sufficient time 

to restore the software timers to their proper values. 
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Brief Summary Text - BSTX (26) : 

A general object of the present invention is to provide an automatic 
recovery facility to complete failed sync points in systems that 
support 

multiple execution environments. 

Brief Summary Text - BSTX (2 9) : 

It is a further object of the present invention to extend the 
automatic 

recovery facility to support an open-ended set of resources and 
resource 

managers, and to support the recovery of participating resource 
managers 

without requiring operator or administrator involvement, except for 

extended 

outages . 

Detailed Description Text - DETX (11) : 

When application 56A within distributed application environment 52A 
desires 

to update files 78A and 78B, application 56A makes two separate update 
requests 

via a file application program interface within application 56A. The 
requests 

invoke protected resource adapters (henceforth called protected file 
adapter 

for this type of resource) 62A and 62B respectively for files 78A and 
78B (step 

500 of FIG. 3). Based on resource manager specific implementation, the 
protected file adapter knows the file is protected. If not already 
registered 

with the syncpoint manager for the work unit, protected file adapters 
62A and 

62B register with syncpoint manager 60A the fact that they want to be 
involved 

in all Commit /Backout requests for this work unit (step 5 02) . A "work 
unit" is 

a grouping of all resources, directly accessible and visible by the 
application, that participate in a sync point. It is generally 
associated with 

a logical unit of work identifier. For a further explanation of work 
units , 

see Local and Global Commit Scopes Tailored to Work Units below. Then 



protected file adapters 62A and 62B contact their respective resource 
managers 

63A and 63B to update files 78A and 78B (Step 504) . Return is made to 
application 56A. Next application 56A requests a syncpoint 58A, i.e. a 
commit 

in this case, to syncpoint manager 60A (Step 506) . In response, 
syncpoint 

manager 60A initiates a two-phase commit procedure (step 508) to be 
carried out 

for both of its registered resources, files 78A and 78B, represented by 
protected file adapters 62A and 62B and their respective resource 
managers 63A 

and 63B. In step 508, syncpoint manager 60A calls each of its 
registered 

resources at the adapter exit syncpoint exit entry point, given to the 
syncpoint manager by each resource adapter during registration, with a 
phase 

one "prepare" call. 



Detailed Description Text - DETX (17) : 

Application 56A gets control with the indication that the request to 
start 

was successfully sent by communication facility 57A. At this point 
application 

56A is able to send requests to application 56D and application 56A 
sends a 

request to application 56D over the established conversation. In this 
illustrated example, this request eventually causes application 56D to 
invoke a 

file application progrcun interface to update file 78D. As described 
above , the 

update request causes protected file adapter 62D to register with 
syncpoint 

manager 60D under the same work unit (previously assigned for 
application 56D 

(Step 532) when application 56D was started) (Step 533) . Also in step 
533, 

application 56D sends a reply to application 56A over the conversation 
indicating that it completed its work. Next, application 56A issues 
update 

requests for files 78A and 78B. As previously described, protected 
file 

adapters 62A and 62B had previously registered with syncpoint manager 
6 OA and 

they each contact resource managers 63A and 63B to perform the updates 
(Steps 

533 and 533A) . 



Detailed Description Text - DETX (152) : 

Exchange of log names is also required between recovery facilities 

and 

resource managers of protected resources such as shared files or 
databases . 

Unlike protected conversations, where exchange of log names is not 
necessary 

when conversations take place in the same system (since they share a 




common 

sync point log) , log name exchange is necessary for participating 
resource 

managers, even where resource managers are in the same system as the 
initiating 

application, because resource managers maintain their own sync point 
logs . 

Unlike protected conversations, which may utilize a communication 
protocol for 

establishing protected conversations and log name exchange as described 
by 

System Network Architecture LU 6.2 cited above, protected resources 
utilize 

non-protected conversations and a private message protocol for those 
functions . 

Also, for protected resources, it is not practical in all cases to 
centrally 

intercept initial communications to the resource manager by using a 
communication facility as the interceptor because the communications do 
not in 

all cases proceed through a communications facility. One example of 
this is 

the case of a resource manager 63A FIG. 2 that is in the same system 
5 OA as the 

application environment 52A and application 56A that uses its resource. 
This 

situation does not require conversations with the resource to pass 
through the 

communications facility, but instead supports conversations through the 
conversation manager 53A or other local facilities. Another reason is 
to 

afford the flexibility of supporting resource managers without 
requiring them 

to entirely change their method of communication with the users of 
their 

resource in order to conform to the System Network Architecture LU6.2 
communication protocols. Automatic recovery processing from a sync 
point 

failure requires that the names of the various participant's logs 
remain the 

same as they were before the sync point began, as was the case for 
protected 

conversations described above. 



Detailed Description Text - DETX (160) : 

2. object . sub . -- recovery resource, identified by an object . sub .- - 
recovery 

resource identifier, which is a resource manager log 800 and supporting 
procedures for cooperating with a recovery facility 70 in the recovery 
from a 

failed sync point procedure. This identifier is used by a recovery 
facility 70 

at the time of recovering from a failed sync point to establish a 
conversation 

with the manager of the resource 63 to exchange log names and complete 
the sync 

point as a part of automatic recovery. 



Detailed Description Text - DETX (181) : 

When application 56A FIG. 23 requests a sync point from sync point 
manager 

60A, sync point manager 60A sends the above object . sub. -- recovery 
resource 

identifier and object resource identifier to recovery facility 70A 
where it is 

stored in sync point log 72A1 along with the information describing the 
state 

in the sync point process. If a failure occurs during a sync point, 
recovery 

facility 70A is activated to perform the operations necessary to 
complete the 

sync point procedure. If resources were participating in the failing 
sync 

point, recovery information in the associated recovery facility's sync 
point 

log entry is available to permit contact with those resources in order 
to 

accomplish recovery. For example, if application 56A goes down during 
a 

two-phase commit operation, then recovery facility 70A is activated and 
subsequently exchanges log names with resource manager 63A. When this 
second 

exchange indicates that log names have not changed since the sync point 
was 

initiated, recovery facility 70A knows that it can continue with the 
recovery 

of the sync point. A log name mismatch in the exchange would indicate 
that log 

information required for automatic recovery has been lost and therefore 
automatic recovery should not be attempted. The recovery facility 70A 
initiates the second log name exchange and asks resource manager 63A 
what state 

or phase it was in prior to the failure. Even though the initial 
exchange of 

log names was initiated by resource manager 63A, as described above, 
the 

exchange of log names required after the failure is initiated by 
recovery 

facility 70A as follows: 



Detailed Description Text - DETX (194) : 

Recovery Facility 70A illustrated in FIG. 2 is used to complete a 
sync point 

that encounters a failure. In most cases the recovery 
( resynchroni zat ion) i s 

accomplished automatically by a Recovery Facility 70A, which recognizes 
the 

failure and then acts as a surrogate for the local sync point manager 
60A to 

complete the sync point normally through alternate or reacquired 
communications 

to participants in the sync point. Failures include a failing sync 
point 



manager 6 OA, a failure in communications between a sync point manager 
6 OA and 

its recovery facility 70A, failure of communications with or failure of 
an 

application partner 56D or resource manager 63, and failure of the 

recovery 

facility 70A. 



Detailed Description Text - DETX (203) : 

Prior to a sync point occurrence there must be agreement between the 
participants in the sync point concerning the identity of the logs 
associated 

with the sync point and the current level of their respective logs 72. 
(Refer 

to the foregoing section entitled "Log Name Exchange For Recovery of 
Protected 

Resources") . This pre-sync point recovery agreement is important in 
case of a 

sync point failure to ensure that the logs used to recover from the 
sync point 

failure are the same ones and are at the same level as they were before 
the 

sync point was initiated. If, between the time of the pre-sync point 
recovery 

agreement (exchange of log names described above) and the occurrence of 
a sync 

point failure, one or more of the participants has a log failure and 
must begin 

with a new log, then the automatic recovery procedures associated with 
the 

failing log will fail. 

Detailed Description Text - DETX (205) : 

The recovery facility 70 provides automatic recovery from sync point 
failure 

and includes Step 303 --the various events that may occur to initiate 
the 

recovery procedure. Step 304 --the initialization of the recovery 
procedure. 

Step 305 --the actual recovery, referred to as a recovery driver 
process, and 

Step 306--the termination of the recovery procedure. The recovery 
facility 70 

includes asynchronous handling of multiple sync point failure events. 

Detailed Description Text - DETX (211) : 

(5) A recovery administrative request event 315 results from an 
administrative command that is used to repair sync point failures that 
have 

encountered prolonged delays or serious failures during the normal, 
automatic 

recovery procedure. The request manually supplies response state 
information 

that is normally available through automatic recovery protocols. The 
appropriate response state information is determined off-line from 



manual 

investigation of sync point log records . The appropriate response data 
(state 

information) is determined by administrators from manual investigation 
of sync 

point log records . 



Detailed Description Text - DETX (281) : 

1. The data structures from the recovery facility log records 
representing 

the status of the syncpoint operation are restored if the system failed 
where 

this recovery facility operates. From these data structures, the 
recovery 

facility can (in other embodiments the recovery facility might be 
called the 

syncpoint manager because one facility performs both syncpoint and 
recovery 

processing) determine the resources for which it is responsible for 
initiating 

recovery. If the recovery occurs without a system failure, it is not 
necessary 

to restore information from the log because the data structures written 
during 

syncpoint used by the recovery facility are still intact. 
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